What is the significance of the userToken when connecting to a Phoenix socket?

I have this code in my client JS, which was taken from example code:

```js
const myId = `${(Math.random() * 10000).toFixed(0)}`;
this.socket = new Socket(url, {
    params: {userToken: myId},
    logger: ((kind, msg, data) => {})
});
```

I am not sure what the significance of the userToken is – I am currently not doing any auth, so can I just remove it?

It is primarily for auth yeah, and if you are just randomizing it then there is not much point to it anyway, so yeah you could remove it (and remove accessing it from your socket module). :slight_smile:

Do note, that allows anyone with any webpage anywhere to connect to your socket and do whatever, soooo, keep that in mind. ^.^

Thanks. In terms of anyone from anywhere connecting – they’ll just receive nonsense back down the wire. There isn’t any sort of malicious input they could submit, is there?

That depends on the API you expose over the websocket. :slight_smile:

ok, thanks - no danger in that case

You can find more info about it here: https://hexdocs.pm/phoenix/Phoenix.Token.html

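How the `userToken` param discussed in this thread would be checked on the server if auth were added, using `Phoenix.Token` from the linked docs. This is an added example, not code from the thread or from the Phoenix project. The module names `MyAppWeb.UserSocket`, `MyAppWeb.Endpoint` and `MyAppWeb.RoomChannel`, the salt, the one-day `max_age` and the `connect/3` callback form (Phoenix 1.4 or later) are assumptions.

```elixir
defmodule MyAppWeb.UserSocket do
  use Phoenix.Socket

  # Hypothetical channel; the thread does not name the app's channels.
  channel "room:*", MyAppWeb.RoomChannel

  # Assumed values. The salt must be the same for signing and verifying.
  @salt "user socket"
  @max_age 86_400

  # Called by the server when rendering the page for a logged-in user.
  # The client then sends the result as params: {userToken: token}
  # instead of a random number.
  def sign(user_id), do: Phoenix.Token.sign(MyAppWeb.Endpoint, @salt, user_id)

  @impl true
  def connect(%{"userToken" => token}, socket, _connect_info) when is_binary(token) do
    case Phoenix.Token.verify(socket, @salt, token, max_age: @max_age) do
      # Signature and age are valid: remember who this connection belongs to.
      {:ok, user_id} -> {:ok, assign(socket, :user_id, user_id)}
      # :invalid, :expired or :missing: refuse the connection.
      {:error, _reason} -> :error
    end
  end

  # No userToken param, or not a string: refuse the connection.
  def connect(_params, _socket, _connect_info), do: :error

  # Lets the server address or disconnect all sockets of one user.
  @impl true
  def id(socket), do: "user_socket:#{socket.assigns.user_id}"
end
```

With this in place a random client-generated value fails verification, and channels can read `socket.assigns.user_id` to decide what each connection may do.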